Certificate holders and users need the certainty that their Certificate Authority (CA) meets the highest possible security standards. QuoVadis is subject to a broad range of independent annual audit processes. This way, you can always trust that your certificates are in the best hands.
|
 |
ZertES Qualified Trust Services Provider
QuoVadis is authorized to issue qualified electronic certificates that conform to Swiss law (ZertES, Federal Electronic Signatures Act) and the European standard set by ETSI (European Telecommunications Standards Institute). Annual audits are performed by KPMG on behalf of BAKOM and SECO. The new ZertES became law on January 1, 2005 and supports secure, traceable and legally valid electronic business transactions as well as electronic document archiving (including the legally compliant filing and archiving of VAT-relevant documents). QuoVadis Qualified Time-Stamping Service is authorized to issue qualified electronic timestamps that conform to Swiss law (ZertES, Federal Electronic Signatures Act) and the European standard (ETSI). The reform of the Electronic Signatures Ordinance on January 1, 2017 introduced a mandatory qualified timestamp, which must be used with a qualified electronic signature. |
|
 |
EU Qualified Trust Service Provider
QuoVadis is a Qualified TSP accredited by the Dutch Rijksinspectie Digitale Infrastructuur (RDI) based on a BSI certification, complying with the requirements of the ETSI EN 319 411-1 and ETSI EN 319 411-2 standards for Electronic Signatures and Electronic Seals. This certification requires annual audits by the BSI. |
|
WebTrust Program for Certification Authorities (CAs)
QuoVadis is one of the few certificate service providers in the world to achieve the WebTrust for CAs qualification. This top certification validates the high level of trust attributed to QuoVadis certificates. WebTrust for CAs is subject to an annual audit by Ernst & Young.
WebTrust was created by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA) as a globally recognized standard for certification service providers in order to guarantee the highest possible standards and quality at an international level. |
|
|
 |
WebTrust for Baseline Requirements
WebTrust for Baseline Requirements is the minimal requirement stipulated by the CA/B Forum and serves as a foundation for the audit of certification authorities. QuoVadis meets these requirements for the issuance and management of publicly trusted SSL certificates. Webtrust for Baseline Requirements requires an annual audit by Ernst & Young. “Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates” are defined minimum requirements for the issuance of TLS/SSL certificates. The “WebTrust for BR” certification requires QuoVadis to undergo an annual audit. |
|
|
 |
WebTrust for Extended Validation
WebTrust for Extended Validation is another top-tier recognition based on the strict “Guidelines for the Issuance and Management of EV Certificates” laid down by the CA/B Forum. WebTrust for EV presupposes the recognition as a WebTrust CA and is subject to annual auditing by Ernst & Young. “Guidelines for the Issuance and Management of EV Certificates“ are defined requirements for the issuance of TLS/SSL certificates with Extended Validation (EV). Only suitably accredited CAs may issue EV TLS/SSL certificates. The “WebTrust for EV” certification requires QuoVadis to undergo an annual audit. |
|
|
 |
WebTrust for Code Signing
WebTrust for Code Signing is used to assess a CA’s controls based on the minimum requirements defined by the code signing task force for the issuance and management of publicly accessible code signing certificates. WebTrust for Code Signing requires an annual audit. |
|
|
 |
WebTrust for S/MIME
WebTrust for S/MIME is used to assess a CA’s controls against the CA/B Forum “Guidelines for the Issuance and Management of S/MIME Certificates.” Only suitably accredited CAs may issue publicly trusted S/MIME certificates. WebTrust for S/MIME requires an annual audit. |
|
|
 |
PKIoverheid (Netherlands)
QuoVadis is a certification service provider/TSP for PKIoverheid, used by the Dutch government in particular for trusted internal and external electronic communication. DigiCert+QuoVadis is certified by the BSI to issue qualified electronic certificates that conform to the ETSI EN 319 411-1 and ETSI EN 319 411-2 standards for electronic signatures, electronic seals and website authentication and that are subordinate to the Dutch government’s root certificate. |
|
|
 |
Qualified Certification Services Provider (Belgium)
QuoVadis is registered and authorized by the Belgian FPS Economy – Quality and Safety to issue qualified electronic certificates in compliance with Belgian law including ETSI TS 101 456 for Qualified Certification Service Providers (CSP). |
|
|
 |
Bermuda Authorised Certification Services Provider
The Bermuda Authorized Certification Service Provider (CSP) accreditation is granted by the Ministry of Energy, Telecommunications and E-Commerce based on an external review defined in the Bermuda Electronic Transactions Act. The CSP standard includes elements of ISO 17799 (Code of Practice for Information Security Management), EESSI (European Electronic Signature Standardisation Initiative), and WebTrust for CAs. It requires a biennial re-certification. |
|
|
